API Security CISO Richard Bird on the Power of Cyber Creativity

In cybersecurity, challenging the status quo isn't just a strategy — it's a necessity. It's the spark that ignites breakthroughs. It's the force that propels us in the ongoing battle against modern cyber threats.  

Recently, I had the privilege of talking with Richard Bird, the visionary Chief Security Officer at Traceable AI. Together, we discussed the latest cybersecurity innovation, including the power of storytelling and the strategic fusion of Zero Trust and API security. 

About Richard Bird: CISO at Traceable AI

Richard is a distinguished figure in cybersecurity. He is now the Chief Security Officer at Traceable AI, a top API security company. With extensive experience in both corporate and startup environments, he brings a wealth of knowledge to the field.  

His engaging presentations and distinct style are characterized by tattoos and bowties. They reflect his vibrant commitment to driving innovation in the cyber industry. Richard is a member of CyberTheory Zero Trust Institute. He is also an Executive Member of CyberEdBoard. He actively helps shape cybersecurity best practices.  

A non-traditional cybersecurity career path

Richard's unusual path into cybersecurity shows the power of diverse experiences.  

"There are very few things in my career that I'm just super proud of, and one of those is being a non-traditional technologist," he said "I didn't come from an MIS or CIS background; I came from a totally different track.”

Richard’s degrees in political science, international relations, and Japanese language alongside his time in the military and work as a construction project manager combined to make him a perfect, albeit unconventional, fit in tech.

"After I came out of the military, it just happened to be right at the nexus of time when project management was an extremely critical skill needed in technology. Somebody saw something in me that I didn't see myself,” he said.

Richard's transition into cybersecurity was serendipitous, driven by a blend of skill and opportunity – and creative thinking. If you've met Richard, you know he weaves storytelling and "mic drop" analogies into his cybersecurity approach.  

He cites music as a building block of his creativity and problem-solving mindset: “A natural inspiration and motivation touchstone for me comes from growing up listening to music. I heard incredible lyricists and musicians attack issues and problems within society with their words. When I speak publicly, one of my goals is to really connect with people emotionally.”

The cybersecurity gap: Awareness vs. action

Richard highlighted what he sees as a widespread issue of cognitive dissonance in the cyber industry: the gap between awareness and action. While organizations are better at acknowledging their security vulnerabilities, they are still finding it challenging to take the next step of securing against those risks.

Richard attributed this struggle to distractions and competing priorities in the corporate landscape which hinder efforts to proactively manage risks. When leadership doesn’t understand why security is important, they can’t prioritize budgets and initiatives effectively. From Richard’s view, creative storytelling can help bridge this divide, especially with non-expert audiences: "Storytelling is one of the major tools we have to help fill those gaps."

Extending Zero Trust to API security

As the Chief Security Officer at Traceable AI, Richard now focuses on one the most important and future-forward categories affecting the industry: API security.  

How does API security work? Think of it as having a lock on your front door, safeguarding your home. APIs act as the doors enabling software applications to exchange data. You secure your house from intruders by locking your doors. API security does the same for your data. It keeps unauthorized users out and stops them from tampering with it. It involves using security measures to thwart hackers from exploiting API vulnerabilities to preserve the safety of your digital assets.  

In today’s threat landscape, cyber resilience is critical for every organization. The best way to achieve resilience is through Zero Trust, a globally validated security strategy based on the mantra of “never trust, always verify.” For Richard, Zero Trust should be the “gold standard of cybersecurity,” especially with the proliferation of API use.

I asked Richard his thoughts on the future of Zero Trust and API security. Richard sees a cyber landscape where every layer, including APIs, is fortified with Zero Trust principles. This would create flexible, scalable networks that stay resilient against inevitable cyberattacks.  

As Richard succinctly puts it, "Zero Trust eliminates the easy ground," signaling a future where cybersecurity resilience is paramount. Mic drop.  

Listen, subscribe, and review The Segment: A Zero Trust Podcast

Want to hear my complete discussion with Richard? Listen to our episode on our website, Apple Podcasts, Spotify, or wherever you get your podcasts. You can also read a full transcript of the episode.  

We'll be back with more Zero Trust insights soon!